[NBLUG/talk] Crypt Filesystems

Jacob Appelbaum jake at nblug.org
Sat Jul 29 19:00:03 PDT 2006


Walter Hansen wrote:
>> I suggest not having a copy of the passphrase on the system in question --
>> if you need it to be automated, perhaps storing it on another system,
>> available via inetd, with tcp.wrappers only allowing its IP to get the
>> passphrase...
>>
>> The idea is that the bad guy who physically removes the drive will find
>> that the key is nowhere to be found on the drive -- and, can't get the key
>> without being (at the very least) on the backup system's network.
>>
>> Just more 2cents...
>>
>>  -Scott
> 
> 
> You missed the one detail that makes it a non issue. We're not looking for
> on the server security. The backup drive is swappable (almost hot). The
> concern is that a backup drive could be lost or stolen off prem and the
> backup used for evil intent. The solution is to encrypt the data and not
> keep the key and passphrase with the backup drive. In the solution I make
> a couple CDs with the passphrase/key and store them in different
> locations (send one home with each of two bosses). Then if the building
> burns down I take one of the backup drives, get a key cd from one of the
> bosses and (with $20,000) re-create our entire business in a new location
> in one week. At least that's the idea.
> 


I think that Scott has a pretty solid idea actually. Though I'd use a
combination of iptables and ssh-keys for authentication and access.

This way you could keep the drive encrypted on site and the drive
encrypted off site as well. This would help with the issue of
theft of your backup server and if the information is important enough
to encrypt in the first place, it's probably best to not let it touch
the disk unencrypted.

Protecting against one threat is good but the extra effort it takes to
protect against several more in this case is just a few more minutes of
setup (namely setting a second device to be encrypted rather than just one).

Best,
Jacob
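One way to wire up what Scott and Jacob describe, as an added example that is not part of the thread: the backup server fetches the passphrase from a separate key host over ssh (dedicated key, forced command, firewall rule limiting who can reach sshd) and pipes it straight into cryptsetup, so the passphrase never sits on the backup drive or the backup server's disk. The host name keyhost, the user backupkey, the identity path, the 192.0.2.10 address and the device name are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: key host "keyhost", ssh user
# "backupkey", client identity /etc/backup/fetch_key_ed25519, backup server
# at 192.0.2.10, backup device /dev/sdb1.
set -eu

# On the key host, the backup server's public key goes into
# ~backupkey/.ssh/authorized_keys with a forced command, so that identity
# can do nothing but read the passphrase (standard OpenSSH key options):
#   command="cat /var/lib/backupkey/passphrase",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding,from="192.0.2.10" ssh-ed25519 AAAA... backup-fetch
#
# And the key host only accepts ssh from the backup server (the iptables
# counterpart of Scott's tcp_wrappers idea):
#   iptables -A INPUT -p tcp --dport 22 -s 192.0.2.10 -j ACCEPT
#   iptables -A INPUT -p tcp --dport 22 -j DROP
#
# Caveat: cryptsetup treats stdin as a key file, bytes included verbatim, so
# the stored passphrase file must be byte-for-byte what luksFormat was given
# (format the volume with the same file via --key-file).

KEY_HOST=${KEY_HOST:-keyhost}
KEY_USER=${KEY_USER:-backupkey}
IDENTITY=${IDENTITY:-/etc/backup/fetch_key_ed25519}

# Fetch the passphrase over ssh. BatchMode fails rather than prompting, the
# host key must already be known, and the forced command on the key host
# ignores whatever command name we send.
fetch_passphrase() {
    ssh -i "$IDENTITY" -o BatchMode=yes -o StrictHostKeyChecking=yes \
        "$KEY_USER@$KEY_HOST" get-passphrase
}

# Unlock a LUKS device, feeding the passphrase through a pipe so it is never
# written to disk on the backup server. $1 = block device, $2 = mapper name.
# If the fetch fails cryptsetup sees empty input and the unlock fails.
unlock_backup() {
    dev=$1
    name=$2
    fetch_passphrase | cryptsetup luksOpen --key-file=- "$dev" "$name"
}

# Typical use from a backup job:
#   unlock_backup /dev/sdb1 backup && mount /dev/mapper/backup /mnt/backup
```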